RealSecurity Labs

We are an independent security research practice. We test how AI features, autonomous agents, and cloud systems hold up under real attack, and we write up the methods so other testers can reproduce them.

Most of what we do lives where automated scanners give up. Prompt injection and guardrail bypass in LLM apps. Authorization and business-logic flaws in web apps. Server-side trust boundaries in the cloud. We also build AiDx, our own lab for taking apart AI defenses one layer at a time.

AI & LLM Security

Prompt injection (direct, indirect, and RAG), agent and tool abuse, and data exfiltration, mapped to the OWASP LLM Top 10.

Guardrail & Agent Testing

We treat input filters, output classifiers, and system-prompt rules as things to break, not things to trust. Our tool AiDx drives that work, layer by layer.

Web & Cloud

Authorization flaws (IDOR and BOLA), business-logic abuse, SSRF, and the server-side trust boundaries that scanners walk straight past.

Latest writing

Attack-in-Depth: Breaking AI Defenses with AiDx
Jun 16, 2026
The Guardrails Teams Deploy, and Where They Crack
May 19, 2026
CVE-2026-0766: Remote Code Execution in OpenWebUI
Mar 28, 2026
Tool Poisoning and the MCP Attack Surface
Mar 24, 2026
Prompt Injection Is the New Injection
Feb 18, 2026